ffd0d14f526efcb084f69ba8ee454c59d9e08e0ee6e0a630e09422cd4073ea2c

Analysis

max time kernel
2s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/06/2024, 10:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a7511f22c7219d00c5495079114ffb7_JaffaCakes118.html
Size

1KB
MD5

9a7511f22c7219d00c5495079114ffb7
SHA1

22de9c8783addd653c8cb0adf46ae0bed14bd587
SHA256

ffd0d14f526efcb084f69ba8ee454c59d9e08e0ee6e0a630e09422cd4073ea2c
SHA512

a6f5b5b4ad62d5ad7e8d56133def0c2a084376a537b49c355bb65db5b3ddbaeded7985695dd5b7af046e72d57fca890947d04ad0ccf89ec9e04220671c15cac0

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{27E2B431-2712-11EF-8303-EAAAC4CFEF2E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1464	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1464	iexplore.exe
1464	iexplore.exe
1344	IEXPLORE.EXE
1344	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 1344	1464	iexplore.exe	28
PID 1464 wrote to memory of 1344	1464	iexplore.exe	28
PID 1464 wrote to memory of 1344	1464	iexplore.exe	28
PID 1464 wrote to memory of 1344	1464	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9a7511f22c7219d00c5495079114ffb7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1464 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
afd7ba2153ce01868a1238eddcc232e5

SHA1
c1158ac0d8eb8bc780b7ff852523bc256b451500

SHA256
3eada206f37f5fddf52237f4aff94476ba1c6107172f50337befaf633cccd780

SHA512
9a1ded2fe33e8001f0630667a0cb5aa98738da1d5036d24cd6bd192347875030cd88931bb951b6e148001a093b7ad685202c73a65070e771fe3f28ab57aa43bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a1c8317329df55be878a81f53e9d8bd

SHA1
ab08e7036f6aa3e52b48608de014d4cb94631e14

SHA256
2510430d05e039b1f105aa40243c0e089df75e6e8afb4a9822515c7df9702530

SHA512
4be5d475fbf7376adb2ee9c277cf9efbbbf29c1cb3e0c6f3a45f2cd96276875296937474daf1675b65a857561fae0ebafb1fce637065610e9f1eb9e5f07ee5d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1049b15c175bbc0fbc5be7f15f74c1de

SHA1
55f5a7aa7fd7ad2e5adc18493b7fb098b006efde

SHA256
d61dc6f64baeedfe6e922558addff53cd1bddfd2268c0ccf2e493e4c56c834ac

SHA512
6656fe49e6318d255090603cd976fd076ac71a5490a3ca5b8c153bf2340305065dd53db827cd65e88723e4ba7d4de62415dabcc0e5d029acbddc911560f66e5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0da842d1ccc00f8031df35d56ce860d3

SHA1
48ab659c621c4e7642b75d820457739703c7d135

SHA256
5f01c4b9a5b94dc3173faffd60dcf455b0868a5a3f1cfd71c51323b1f0b82ee7

SHA512
ec51016037fafc17e01936354b8dca5c1df1e4d8aa948b63917c293075ca8d187c500470e5e6a9d3800220bb6937bd5b63629215d29c8c71d54a71fed5a7f8ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f0730c9b14afef82261f56679ffccb1

SHA1
c0871a15fd86b3a59be45c78fa1d58c2fb5640bf

SHA256
918008deef9d9474df648b37d4869938622292fd1495a8c1db5bc201b25bc248

SHA512
d5c159232c9869d1379299082f40079435ef1394f1d09413fc27e5607ddeb4b70f239c5ffddd9ff767936a9bf1022927cabffc2ee53de7c694acffb93f25cf6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffb65d8146c9cf1dc92933721a686556

SHA1
50ba1fb476386855b402daa35dba51b007cfcd08

SHA256
95f2800c97b182e10d2e2be9c34f1b91523ec7519fdaf8126fa861a62e8845db

SHA512
eb7e3aa9f5b7cf6c07f49d99b4ca34d1dc783f26600499319c2dc2a6df9158e98f4f531cc5fd914bd219a35136e57190205b4f1a0f59ef3335254801a2be42c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
009a151ce4f4613d837d719584fc1ece

SHA1
7ac4fa896601aff539f49e1d99481ce73fde48f5

SHA256
27d6af55ab696fa5e38a2d13fa392d7f4d9b59fb60326ff86aa29c0ebd5de859

SHA512
7b37430eed4038e34a7230c0027cc78e03c6dc8d57b6c6123eaca2ae16f2cfb8b6f8f9bc5555a013e3140d6fb69fd378effda5214bc39243d6706c4b367ec75e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6074b7312e9586a0dd89c10f5043063

SHA1
64beebce46ba4f9c9804bf61e5e4591e4d7de9bd

SHA256
f8efaa72b66a31b01305d81976f25f159ebda5fa57b839a7b3ed026de8c3cddb

SHA512
57b7260aef54a185bf0e5de6e61027df2ca39bcebfa6e4ff8d2eac136a4dd7aeb14e84a0a7995d2fd82728855dcb6b8a41af127d930db7e9221b6cc557185674

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
984363b35f4a0cb111ba191cd3ed2749

SHA1
4496a2b58844e0a9b29f7b00000c6105b82d8b6c

SHA256
fe148c0aaccbe375655b326bcb280faa58b42ba17e7a0803fe7890ed30c37d31

SHA512
7ac095080121555d035f84e38e4dc32551c6d0af317cf89a9f5c39d00cd7965164477a0d9c46e31474eb92ca22f20d92b0592b27d1429e8bdb6b8d1c036ecec1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82cb5fe6eee82b6be1b0082b00f09ecd

SHA1
116316a8d3321acf865dba2ec300bb21b75ec508

SHA256
3fb763d9816796f9496b38aee48462a39e9c9197bee6efe8d0d9d58eaf379c54

SHA512
739bd5102fcc031c5ac16fde4b5dd82213b598492cf675400eefb9ca442ca190fa731cab097ac145800f12d56aee84cca4a2625376e53b9dc56dae00baf5da3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e731ec06ad4a68d220a60575fbdaa59

SHA1
33c0fa65d95c666a198cdae079066db1f28e1e0a

SHA256
39a872022891cc8ed83514ce01c71fb1190f0e0cf3ebcfe7f58a925be329a98d

SHA512
9adb71e8e3f01637441c5bb09fcd738e6a62db63d8e4d897f46b2d97743848bccdb10f726684ef18f6e9f49f5fb9cdaf58956e56f86c09904004114098a4639a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c477a01e102ff514a5f0569448646896

SHA1
0356aa7ae239bf44984ca5d8061d8eb0e25a99de

SHA256
d6c6e248ec7a8bec496c1c43e49eba3b072841fd16d2f3fc70266081b4f12f67

SHA512
97849826074b804dbdfc28015b39ff4c0d0c72987566eb05534b8e28acd91d491ea98d6bda569c56ae0eb390abbc3e6640a23d5e1109bdb077aa7dc4df23150c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b6a8749f01aacb96db32ba182261f1c

SHA1
eaeb5cbe80bc6ad8387712d1044be50d6ddbeec4

SHA256
b75c515b0be661ef59673f33b31cab99c09fb1cd1774361f2c13369c6d724405

SHA512
3c67c8ea9f74f08bfd8ad094d7e5175eb49ff84405d64eb7dd71b3af7ee8e59ecf2cc42c1b39b452f96fd5a01208ed5b951325c22433f8c2c2b63205e780bbb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20a1736b362e04be851002ac1c668870

SHA1
acb9238d8a6237f98c6b237eb58597cdee729dab

SHA256
1855fcabf5f8e7e44d7465d54cf5e054122e151b87ce4aeecb923aa68d5da8ac

SHA512
278c978ee92c2bc36c3822950e2773eb3b4fa511dcf52640d63333151f896f45e0be90164c0d941359ac9e14e4fd9ba2f21b94b8bb7eccd82fab480bade0d114

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
3fc083e45338c58dfa5863609707abdf

SHA1
fa6382efabdb394ad22e2dcd2181e274169a942a

SHA256
ef0085d7e87d2f0d3b0e6a1017df85b53bd8bf67551b169ff730fc3e337be91a

SHA512
bec10e35e763c1ead4da0dc2cd7c1dfdc5a212b378bdf7348e795cd83979c022cd3cbce0e5993d566820ad617b2e8175a0475b9d3528200264e5c6dcfb592bb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3FB1.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3FB2.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4564.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit